Debricking Buffalo WBMR-HP-G300H

I recently got my hands on a Buffalo WBMR-HP-G300H. It was a bricked device, and my initial plan was to unleash my FTDI USB-to-JTAG adaptor to overwrite the chip. While I was searching for the flashing pinout, I found that this device has a special extra recovery feature: if you create the proper network environment for it, the device tries to boot an image from the network.

First of all, you need another switch between your Buffalo and your PC. This can be any switch. The modem requests the firmware at boot, and without this extra switch most systems can't get their interface up in time to catch the TFTP request. Just make sure the 192.168.11. VLAN is not occupied in the extra modem.

Your machine needs to have the IP address 192.168.11.2. You can use the network manager to set this up.

Put the image in the TFTP root folder. If you don't know the location of this folder, you can check:

systemctl start tftpd
systemctl status tftpd

My folder was /srv/tftp/. You need to put your image in that location under the name firmware.ram. To follow the operation, you can set up a Wireshark capture. Unplug the Buffalo. Press and hold the AOSS button while you plug the modem in, wait for 5 seconds and release. If you are successful you will see

When it is over you will see Block:xxx (last)
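
The prerequisites above (host address 192.168.11.2, a TFTP server on UDP port 69, firmware.ram in the TFTP root) can be checked before the power-on step. The script below is an added example, not part of the original post; the function names and the RUN_PREFLIGHT switch are its own, and it assumes the iproute2 tools ip and ss are installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the TFTP recovery boot described above.
# From the post: host IP 192.168.11.2, image name firmware.ram, root /srv/tftp.
HOST_IP="192.168.11.2"
IMAGE="firmware.ram"

# Reads `ip -4 -o addr show` output on stdin; succeeds if HOST_IP is assigned.
# The trailing "/" keeps 192.168.11.20 and similar from matching.
has_host_ip() {
    grep -Fq "inet ${HOST_IP}/"
}

# Reads `ss -uln` output on stdin; succeeds if a socket is bound to UDP port 69.
tftp_listening() {
    grep -Eq ':69([[:space:]]|$)'
}

# Succeeds if the image is in the TFTP root, non-empty and world-readable.
# Assumption: tftpd serves files as an unprivileged user, as is common.
image_ready() {
    img="$1/$IMAGE"
    [ -f "$img" ] && [ -s "$img" ] || return 1
    [ -n "$(find "$img" -perm -004)" ]
}

# Runs all three checks against the live system; argument is the TFTP root.
preflight() {
    root="${1:-/srv/tftp}"
    rc=0
    ip -4 -o addr show | has_host_ip ||
        { echo "FAIL: $HOST_IP is not assigned to any interface"; rc=1; }
    ss -uln | tftp_listening ||
        { echo "FAIL: nothing is listening on UDP port 69"; rc=1; }
    image_ready "$root" ||
        { echo "FAIL: $root/$IMAGE is missing, empty or not world-readable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: ready to hold AOSS and power on"
    return "$rc"
}

# RUN_PREFLIGHT is this example's own switch, so sourcing the file runs nothing.
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then
    preflight "$@"
fi
```

Run it as RUN_PREFLIGHT=1 sh preflight.sh /srv/tftp, substituting your own TFTP root. TFTP is unauthenticated, so keep only the image you intend to boot under that name in the folder.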

Now your modem has booted up with the new firmware. The new firmware will take the IP address 192.168.1.1, so the current network configuration won't allow you to talk to it.

You can also remove the extra switch and just ask for a DHCP IP from the Buffalo; I was a little too lazy for that. Now log in with id root and a blank password. This is just a temporary system, so flash a new firmware for a permanent system.

The password is blank. For the latest firmware, download the sysupgrade image from the official page.

The image I used can be downloaded from here.

Now you have a working OpenWrt modem.

Root101

Open Source and Linux, Notes, Guides and Ideas